Commits
Peter Korsgaard committed 9d1dab1b80a
libupnp: add upstream security fix for CVE-2016-6255 If there's no registered handler for a POST request, the default behaviour is to write it to the filesystem. Several million deployed devices appear to have this behaviour, making it possible to (at least) store arbitrary data on them. Add a configure option that enables this behaviour, and change the default to just drop POSTs that aren't directly handled. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>